Deutsche Telekom experimenting with NFV in Docker

Deutsche Telekom is looking to exploit the unique capabilities of Linux containers for NFV

Deutsche Telekom is experimenting with running virtualised network functions in Linux containers, a senior research engineer at the German incumbent telco told BCN.

Sriram Natarajan, vice-chair of the Security Group at Open Networking Foundation and research engineer at T-Labs in California, the research and development arm of DT, is currently experimenting with deploying virtualised network services inside Docker and leveraging the capabilities of Open vSwitch, an open source software-based multilayer network switch, in the container world.

“In theory there is so much potential to leverage the power and scalability of containers here. For instance, you can set quality of service for different tenants, or scale bandwidth for different tenants,” he said. “Most people are thinking about using Docker for web applications or databases, but from a networking perspective it takes NFV to the next level.”

Typically, VNFs are deployed in virtual machines that sit on top of a hypervisor, but Linux containers – which can coexist with virtual machines on some virtualisation platforms – use a different structure that puts isolated Linux systems (containers) on a single Linux control host, and allows more granular resource isolation and greater elasticity.

Telcos and cloud service providers are keen to exploit NFV because it has the potential to reduce reliance on expensive proprietary networking gear and increase network elasticity.

“Performance metrics will circle around instantiation time, update time, whether VNFs can meet the SP’s SLA promises, QoS support and ease of operation.”

With the relatively nascent state of NFV generally and Docker specifically, however, Natarajan said it will be some time yet before Dockerised NFV becomes production-ready.

He said the tools currently in place to Dockerise VNFs are, despite their rapid rate of evolution, relatively immature, forcing Natarajan to do a lot of low-level configuration work and write various large scripts that make the whole system too complex.

“If you look at what Docker offers in terms of networking, they use Linux bridges internally to share the host network with these containers, and we try to work with that – it works okay in a single host, but working across hosts in a clustered environment is very challenging,” he explained, adding that the firm is experimenting with replacing Docker’s native networking tools with Open vSwitch.

Natarajan said the other big challenge is managing the security gap in NFV and SDN more broadly.

“Most of the focus so far has been on defining security from a policy standpoint, which is important, but in practical terms what you really need is broadly accepted implementation guidelines – i.e. what are the security considerations for deploying OpenFlow or any other SDN solution so that you don’t introduce loopholes in your architecture?”

“There’s also a critical lack of security software in virtualised network environments,” he added. “But the good news is that this space is evolving so quickly, with developers adding so many great features; the pace of change in this area is tremendous.”

Jonathan Brandon is editor of Business Cloud News, where he covers anything and everything cloud. Follow him on Twitter at @jonathanbrandon.
